add feature gate validation for param array indexing #6280
Conversation
tekton-robot
added
release-note
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
tekton-robot
added
the
size/L
|
The following is the coverage report on the affected files.
|
|
The following is the coverage report on the affected files.
|
| }, | ||
| } { | ||
| tt := tt // capture range variable | ||
| if tt.apiFields == config.AlphaAPIFields { |
There was a problem hiding this comment.
you can use this helper function: https://github.com/tektoncd/pipeline/blob/main/pkg/apis/config/feature_flags.go#L351
There was a problem hiding this comment.
Yeah I noticed that function, but it is not an exported function, do you suggest we export it?
There was a problem hiding this comment.
yeah I think it would be fine to export!
| }}, | ||
| }, | ||
| params: []Param{{Name: "second-param", Value: *NewStructuredValues("second-value", "second-value-again")}}, | ||
| apiFields: config.AlphaAPIFields, |
There was a problem hiding this comment.
can you also add a test for beta api fields?
There was a problem hiding this comment.
beta api fields is a default value in this test function, that's why I didn't add a specific case for that. Do you think we should add that one?
There was a problem hiding this comment.
Hm I'm not really seeing where the default is set to beta, can you point me to it?
I think it would be better to make it explicit-- what if someone changes the default?
| @@ -470,5 +466,10 @@ func (ps *PipelineSpec) ValidateParamArrayIndex(ctx context.Context, params Para | |||
| arrayIndexParamRefs = append(arrayIndexParamRefs, extractArrayIndexingParamRefs(p)...) | |||
| } | |||
|
|
|||
| // if there are array indexing param references, the api feature gate needs to be set to `alpha` or `beta` | |||
| if len(arrayIndexParamRefs) > 0 && !config.CheckAlphaOrBetaAPIFields(ctx) { | |||
| return fmt.Errorf(`indexing into array params: %v require "enable-api-fields" feature gate to be "alpha" or "beta"`, arrayIndexParamRefs) | |||
There was a problem hiding this comment.
| return fmt.Errorf(`indexing into array params: %v require "enable-api-fields" feature gate to be "alpha" or "beta"`, arrayIndexParamRefs) | |
| return fmt.Errorf(`indexing into array params: %v requires "enable-api-fields" feature gate to be "alpha" or "beta"`, arrayIndexParamRefs) |
There was a problem hiding this comment.
This will be a list of params in %v why change it to requires ?
There was a problem hiding this comment.
because "requires" refers to "indexing" not to "array params"
There was a problem hiding this comment.
maybe invalid parameter expression %s: indexing into array params requires "enable-api-fields" feature gate to be "alpha" or "beta"
| @@ -581,5 +577,10 @@ func (ps *PipelineSpec) ValidateParamArrayIndex(ctx context.Context, params Para | |||
| arrayIndexParamRefs = append(arrayIndexParamRefs, extractArrayIndexingParamRefs(p)...) | |||
| } | |||
|
|
|||
| // if there are array indexing param references, the api feature gate needs to be set to `alpha` or `beta` | |||
| if len(arrayIndexParamRefs) > 0 && !config.CheckAlphaOrBetaAPIFields(ctx) { | |||
| return fmt.Errorf(`indexing into array params: %v require "enable-api-fields" feature gate to be "alpha" or "beta"`, arrayIndexParamRefs) | |||
There was a problem hiding this comment.
| return fmt.Errorf(`indexing into array params: %v require "enable-api-fields" feature gate to be "alpha" or "beta"`, arrayIndexParamRefs) | |
| return fmt.Errorf(`indexing into array params: %v requires "enable-api-fields" feature gate to be "alpha" or "beta"`, arrayIndexParamRefs) |
| @@ -540,10 +540,6 @@ func validateResultsFromMatrixedPipelineTasksNotConsumed(tasks []PipelineTask, f | |||
| // error is returned when the array indexing reference is out of bound of the array param | |||
| // e.g. if a param reference of $(params.array-param[2]) and the array param is of length 2. | |||
| func (ps *PipelineSpec) ValidateParamArrayIndex(ctx context.Context, params Params) error { | |||
| if !config.CheckAlphaOrBetaAPIFields(ctx) { | |||
There was a problem hiding this comment.
not in scope for this PR, but this function looks redundant with this one: https://github.com/tektoncd/pipeline/blob/main/pkg/apis/version/version_validation.go#L30
It would be good to remove CheckAlphaOrBetaAPIFields
There was a problem hiding this comment.
CheckAlphaOrBetaAPIFields is equal to
ValidateEnabledAPIFields(ctx,"","alpha") || ValidateEnabledAPIFields(ctx,"","alpha")
So I think using one function to check alpha or beta is better? And ValidateEnabledAPIFields is mainly used for validation webhook.
There was a problem hiding this comment.
I agree that one function would be better! CheckAlphaOrBetaAPIFields is equivalent to ValidateEnabledAPIFields(ctx, "", "beta"), which validates that the flag is set to beta stability or lower.
Yongxuanzhang
force-pushed
the
feature-gate-check-for-array-indexing
branch
from
4c941dd to
a95d40a
Compare
|
The following is the coverage report on the affected files.
|
|
The following is the coverage report on the affected files.
|
Yongxuanzhang
force-pushed
the
feature-gate-check-for-array-indexing
branch
from
a95d40a to
68b412b
Compare
tekton-robot
added
the
needs-rebase
Yongxuanzhang
force-pushed
the
feature-gate-check-for-array-indexing
branch
2 times, most recently
from
1ecb863 to
13afb11
Compare
tekton-robot
removed
the
needs-rebase
Yongxuanzhang
force-pushed
the
feature-gate-check-for-array-indexing
branch
from
13afb11 to
80b2502
Compare
|
The following is the coverage report on the affected files.
|
|
The following is the coverage report on the affected files.
|
Yongxuanzhang
force-pushed
the
feature-gate-check-for-array-indexing
branch
from
80b2502 to
24c4db0
Compare
|
The following is the coverage report on the affected files.
|
Before this commit, if alpha or beta feature gate is not enabled, the array indexing params will not be added to string replacements, thus will lead to non-existent variable error. This is confusing to users and doesn't provide correct guidance. This commit adds the check to the array indexing validation. Signed-off-by: Yongxuan Zhang [email protected]
Yongxuanzhang
force-pushed
the
feature-gate-check-for-array-indexing
branch
from
24c4db0 to
2e24d75
Compare
|
The following is the coverage report on the affected files.
|
|
The following is the coverage report on the affected files.
|
|
/assign |
|
@Yongxuanzhang: PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
tekton-robot
added
the
needs-rebase
| @@ -348,7 +348,8 @@ func CheckAlphaOrBetaAPIFields(ctx context.Context) bool { | |||
| return cfg.FeatureFlags.EnableAPIFields == AlphaAPIFields || cfg.FeatureFlags.EnableAPIFields == BetaAPIFields | |||
| } | |||
|
|
|||
| func setEnableAPIFields(ctx context.Context, want string) context.Context { | |||
| // SetEnableAPIFields sets the config "enable-api-fields" to the "want" value | |||
| func SetEnableAPIFields(ctx context.Context, want string) context.Context { | |||
There was a problem hiding this comment.
It seems like this function and the above wrapper functions are only used for testing purpose. We may want to refactor this part of code to the testing package like: https://github.com/tektoncd/pipeline/blob/main/pkg/apis/config/testing/defaults.go
This gets more necessary when we expose this function, as the value set here is not validated at all. The risk is mitigated if this is in testing package, as production code should not reference it. WDYT?
(But this can be addressed in separate PR)
| name string | ||
| original PipelineSpec | ||
| params []Param | ||
| apiFields string |
There was a problem hiding this comment.
Not related to this PR. I'm not sure why we call it 'apiFields' from beginning instead of apiField (not only here but also other places), "apiFields" looks like a slice to me 🤔
Changes
Before this commit, if alpha or beta feature gate is not enabled, the array indexing params will not be added to string replacements, thus will lead to non-existent variable error. This is confusing to users and doesn't provide correct guidance. This commit adds the check to the array indexing validation.
/kind bug
closes #6102
Signed-off-by: Yongxuan Zhang [email protected]
Submitter Checklist
As the author of this PR, please check off the items in this checklist:
functionality, content, code)
/kind <type>. Valid types are bug, cleanup, design, documentation, feature, flake, misc, question, tepRelease Notes